07-30-2010 12:12 PM
I have ACE 4710 and I have configured five Servers for HTTP load balancing. Four servers are connected on the LAN side of the ACE are working fine without any problem excecpt one Server (192.168.10.39) that is located in DR Side across the WAN is not working. though the routing and If i will do the telnet from other side I can telnet on port 80 without any problem. But when opening the URL in browser is showing in inital stage. Policy is same on all the interface, routing is also same. Only difference is the NAT which i m using on the LAN side to force the traffic to pass through the ACE. But for the WAN side traffic automatically hitting to the ACE so I didnt use the NAT.
Please let me know why remote location server is not being load balancing by ACE why only inside servers are load balanced.
Below is the configuration of the ACE
serverfarm host SF_ENOC_TP_Server
probe PROBE_TCP
rserver TP_1
inservice
rserver TP_2
inservice
rserver TP_3
inservice
rserver TP_4
inservice
rserver TP_5
inservice
sticky http-cookie ENOC_COOKIE TP_COOKIE_INSERT
cookie insert
replicate sticky
serverfarm SF_ENOC_TP_Server
class-map match-any ENOC_TP_Server
2 match virtual-address 172.23.15.30 tcp eq www
interface vlan 300
description ACE-INSIDE CONTEXT RACK1
ip address 192.168.0.65 255.255.255.224
alias 192.168.0.73 255.255.255.224
peer ip address 192.168.0.66 255.255.255.224
no normalization
mac-address autogenerate
no icmp-guard
access-group input acl-in
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
service-policy input PM_ENOC_Servers
interface vlan 200
description WAN-VLAN CONTEXT RACK1
ip address 192.168.0.33 255.255.255.224
alias 192.168.0.43 255.255.255.224
peer ip address 192.168.0.34 255.255.255.224
mac-address autogenerate
access-group input acl-wan
service-policy input PM_ENOC_Servers
policy-map type loadbalance first-match PM_LB_ENOC_TP_Server
class class-default
sticky-serverfarm TP_COOKIE_INSERT
policy-map multi-match PM_ENOC_Servers
class CITRIX_GW
loadbalance vip inservice
loadbalance policy PM_LB_CITRIX_GW
loadbalance vip icmp-reply active
nat dynamic 5 vlan 300
class ENOC_TP_Server
loadbalance vip inservice
loadbalance policy PM_LB_ENOC_TP_Server
loadbalance vip icmp-reply active
nat dynamic 5 vlan 300
ENOCDC-ACE01/Rack1# show serverfarm SF_ENOC_TP_Server
serverfarm : SF_ENOC_TP_Server, type: HOST
total rservers : 5
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: TP_1
192.168.200.29:0 8 OUTOFSERVICE 0 0 0
rserver: TP_2
192.168.200.34:0 8 OUTOFSERVICE 0 0 0
rserver: TP_3
192.168.200.81:0 8 OUTOFSERVICE 0 0 0
rserver: TP_4
192.168.200.82:0 8 OUTOFSERVICE 0 0 0
rserver: TP_5
192.168.10.39:0 8 OPERATIONAL 1 0 1
ENOCDC-ACE01/Rack1# show conn serverfarm SF_ENOC_TP_Server
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
30252 1 in TCP 200 172.20.106.25:4478 172.23.15.30:80 ESTAB
82322 1 out TCP 200 192.168.10.39:80 172.20.106.25:4478 INIT
ENOCDC-ACE01/Rack1# show conn serverfarm SF_ENOC_TP_Server
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
33949 1 in TCP 200 192.168.10.71:3091 172.23.15.30:80 ESTAB
8390 1 out TCP 200 192.168.10.39:80 192.168.10.71:3091 INIT
07-30-2010 12:40 PM
I show couple of discrepancy in the configuration which needs to be corrected.
interface vlan 300
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat---->nat-pool 1 192.168.0.253 192.168.0.253 netmask 255.255.255.255 pat
class ENOC_TP_Server
nat dynamic 5 vlan 300-------------------------------------------->nat dynamic 1 vlan 300
07-30-2010 01:45 PM
actually this is right configuration i am using seperate nat for each load balancing server. See the below mention detail interface configuration.
interface vlan 300
description ACE-INSIDE CONTEXT RACK1
ip address 192.168.0.65 255.255.255.224
alias 192.168.0.73 255.255.255.224
peer ip address 192.168.0.66 255.255.255.224
no normalization
mac-address autogenerate
no icmp-guard
access-group input acl-in
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
nat-pool 3 172.23.16.3 172.23.16.3 netmask 255.255.255.255 pat
nat-pool 4 172.23.16.4 172.23.16.4 netmask 255.255.255.255 pat
nat-pool 5 172.23.16.5 172.23.16.5 netmask 255.255.255.255 pat
service-policy input PM_ENOC_Servers
service-policy input PM_RT_FAX
service-policy input PM_ITSM_Web_Server
service-policy input PM_ITSM_MAPP_Server
service-policy input PM_BYPASS_FOR_LAN_HTTP
service-policy input PM_BYPASS_HTTP
service-policy input PM_MAIN_BCPROXY
Please let me know what i am missing. Only LAN side servers are load balance properly but the WAN side are not able to load balance.
08-04-2010 10:33 PM
Hi,
Check your NAT properly, most of the times it is NAT related issue. I was also facing similar issue earlier but when it was diagnosed properly it found to be NAT issue...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: